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Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )^| Responsive to communication(s) filed on 1 5 September 201 0 . 
2a )£3 This action is FINAL. 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^3 Claim(s) 1-20 and 25-32 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) |EI Claim(s) 1-20 and 25-32 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) L~H The specification is objected to by the Examiner. 

10)D The drawing(s) filed on is/are: a)^ accepted or b)^ objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)D All b)D Some * c)D None of: 

1 0 Certified copies of the priority documents have been received. 

20 Certified copies of the priority documents have been received in Application No. . 

3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 

This Office Action is in response to Applicant's Remarks filed September 15, 

2010. 

Claims 1-20 and 25-32 are pending and herein considered. 

Response to Arguments 

Applicant's arguments filed September 15, 2010 have been fully considered but 
they are not persuasive. 

In response to Applicant's first set of remarks regarding Alkhatib's alleged failure 
to teach or suggest "a key exchanger configured to repeatedly derive a cipher key such 
that the resulting cipher key changes over time" and decrypting, according to a cipher 
algorithm keyed by the cipher key, the extracted packet header data to determine a 
restored address" the Examiner respectfully disagrees for the following reasons. 
Alkhatib provides for the encoding/translation of addresses in order to provide more 
efficient use of storage space, security and compatibility (par 36). This translation may 
be done via known methods of encryption, compression, or encoding and allows for an 
entity to secure data at one end while allowing for the receiving entity to extract the 
information at a later time by unencoding, decoding, decompressing, unencrypting the 
information using that same information that was used to encode, compress or encrypt 
the information originally. 
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In response to Applicant's remarks concerning independent claims 6, 1 1, and 16 
the Examiner respectfully maintains her rejection for those reasons presented above 
with respect to claim 1 . 

In response to Applicant's remarks concerning dependent claims 2-5, 7-10, 12- 
15, and 25-32 the Examiner respectfully maintains her rejection of the claims based on 
their dependence on rejected independent claims 1,6,11, and 1 6 and for those 
reasons presented in the outstanding office action. 

In response to Applicant's next set of remarks regarding Alkhatib's alleged failure 
to teach or suggest "the host portion of the address having been translated without the 
network portion also being translated, and wherein said translator is configured to 
restore the host portion of the address without also restoring the network portion of the 
address" the Examiner respectfully disagrees for the following reasons. Alkhatib 
provides for a variety of embodiments whereby different portions of a packet's address 
may be translated while others remain untranslated and whereby different portions of 
the addresses may be placed in different areas of the headers (par 56). For example, in 
paragraph 67 the situation arises in which the routing and translation serves to transport 
the packet to a secondary location where yet another translation must be done in order 
to locate a particular address within a larger address space. 

It is for the reasons presented above and based on the reference in its entirety 
that the Examiner maintains her rejection for those reasons presented in the 
outstanding office action and repeated below for Applicant's convenience. 
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Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351 (a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language. 

Claims 1-20 and 25-32 are rejected under 35 U.S.C. 102(e) as being 
anticipated by US Patent Application Publication Number 2002/0184390 to Hasan 
Alkhatib. 

As per claim 1, Alkhatib teaches an apparatus for detecting adversarial activity 
on the network, comprising: 

a memory configured to store a host table (par 61 ); 

a key exchanger configured to repeatedly derive a cipher key such that the 
resulting cipher key changes over time (par 67); 

a translator configured to restore predetermined portions of packet header 
information of a data packet, the packet header information including a network portion 
of a destination address routable over a wide area network and an encrypted host 
protion of the address identifying a destination host (par 15), the restoration including to: 
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extract, from the packet header information, predetermined portions of packet 
header data including the encrypted host portion of the address, decrypt, according to a 
cipher algorithm keyed by the cipher key, the extracted packet header data to determine 
a restored address and place the restored address back into the packet header 
information of the data packet (par 12 "the Domain Name Router receives the data, 
extracts the destination's domain name from the data, translates that domain name to a 
local address in its stub network and sends the data to the destination; par 14; par 36 
"That extraction or identification can be by unencoding, decoding, decompressing, 
unencrypting, etc"; par 67); 

a mapping device configured to map the restored address to the host table (par 

39 ); 

a host resolution device configured to issue a request to the network to resolve 
the restored address when the restored address does not match an entry in the host 
table and then supplement the host table with the restored address upon receipt of a 
reply to the request that indicates that the restored address is valid (par 39; par 61); and 

an actuator configured to trigger a security device when the restored address 
does not match an entry in the host table (par 68 "error message"). 

As per claim 2, Alkhatib teaches wherein the security device is a logging device 
configured to log the data packet (par 61). 

As per claim 3, Alkhatib teaches wherein the security device is configured to 
signal an alarm when triggered (par 68 "error message"). 



Application/Control Number: 09/928,133 Page 6 

Art Unit: 2437 

As per claim 4, Alkhatib teaches wherein said host resolution device is 
configured to derive the host table using an address resolution protocol (par 67). 

As per claim 5, Alkhatib teaches a network device configured to place the data 
packet onto a network when the restored address maps to the host table (par 69). 

As per claim 25, Alkhatib teaches the host portion of the address having been 
translated without the network portion also being translated, and wherein said translator 
is configured to restore the host portion of the address without also restoring the 
network portion of the address (par 67). 

As per claim 26, Alkhatib teaches wherein the data packet includes a translated 
packet header with a plurality of fields carrying packet header information, the translated 
packet header including the translated packet header information in one or more 
predetermined fields of the translated packet header interspersed with un-translated 
packet header information in fields other than the one or more fields of the translated 
packet header, and wherein said translator is configured to restore at least a portion of 
the packet header information in the one or more predetermined fields (par 67). 

Claims 6-10 and 27-28 correspond to the method employed by the apparatus in 
claims 1-5 and 25-26 respectively and are rejected accordingly. 

Claims 11-15 and 29-30 correspond to a device equivalent to the apparatus in 
claims 1-5 and 25-26 respectively and are rejected accordingly. 
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Claims 16-20 and 31-32 correspond to a bastion-host form of the apparatus in 
claims 1-5 and 25-26 respectively and are rejected accordingly. 

Conclusion 

THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1 .136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later 
than SIX MONTHS from the mailing date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Tamara Teslovich whose telephone number is 
(571)272-4241 . The examiner can normally be reached on Mon-Fri 8:00-4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Emmanuel Moise can be reached on (571) 272-3865. The fax phone 
number for the organization where this application or proceeding is assigned is 571- 
273-8300. 
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Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 
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Supervisory Patent Examiner, Art Unit 2437 



